Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, in order to impersonate someone else.
The information can be used to obtain credit, merchandise and services in the name of the victim or to provide the thief with false credentials. In addition to running up debt, in rare cases, an imposter might provide false identification to police, creating a criminal record or leaving outstanding arrest warrants for the person whose identity has been stolen.
Types and examples of identity theft
Identity theft is categorized two ways: true name and account takeover. True-name identity theft means the thief uses personal information to open new accounts. The thief might open a new credit card account, establish cellular phone service or open a new checking account in order to obtain blank checks.
Account-takeover identity theft means the imposter uses personal information to gain access to the person's existing accounts. Typically, the thief will change the mailing address on an account and run up a huge bill before the person whose identity has been stolen realizes there is a problem. The internet has made it easier for identity thieves to use the information they've stolen because transactions can be made without any personal interaction.
There are many different examples of identity theft, including the following:
- Financial identity theft. This is the most common type of identity theft. Financial identity theft exploits seek economic benefits by using a stolen identity.
- Tax-related identity theft. In this type of exploit, the criminal files a false tax return with the Internal Revenue Service (IRS) using a stolen Social Security number.
- Medical identity theft. In this type of identity theft, the thief steals information, including health insurance member numbers, to receive medical services. The victim's health insurance provider may get the fraudulent bills, which will be reflected in the victim's account as services he received.
- Criminal identity theft. In this example, a person under arrest gives stolen identity information to the police. Criminals sometimes back this up with a fake ID or state-issued documents containing stolen credentials. If this type of exploit is successful, the victim is charged instead of the thief.
- Child identity theft. In this exploit, a child's Social Security number is misused to apply for government benefits, opening bank accounts and other services. Children's information is often sought after by criminals because the damage may go unnoticed for a long time.
- Senior identity theft. This type of exploit targets people over the age of 60. Because senior citizens are often identity theft targets, it is especially important for this segment of the population to stay on top of the evolving methods thieves use to steal information.
- Identity cloning for concealment. In this type of exploit, a thief impersonates someone else in order to hide from law enforcement or creditors. Because this type isn't explicitly financially motivated, it's harder to track, and there often isn't a paper trail for law enforcement to follow.
- Synthetic identity theft. In this type of exploit, a thief partially or completely fabricates an identity by combining different pieces of PII from different sources. For example, the thief may combine one stolen Social Security number with an unrelated birthdate. Usually, this type of theft is difficult to track because the activities of the thief are recorded files that do not belong to a real person.
Identity theft techniques
Although an identity thief might hack into a database to obtain personal information, experts say it's more likely the thief will obtain information by using social engineering techniques, including the following:
- Dumpster diving. Retrieving personal paperwork and discarded mail from trash dumpsters is one of the easiest ways for an identity thief to get information. Recipients of preapproved credit card applications often discard them without shredding them first, which greatly increases the risk of credit card theft.
- Mail theft. This is stealing credit card bills and junk mail directly from a victim's mailbox or from public mailboxes on the street.
- Shoulder surfing. This is standing next to victims in a public venue, such as the Department of Motor Vehicles, and spying on them as they fill out personal information on a form, enter a passcode on a keypad or provide a credit card number over the telephone. The popularity of video cameras in smartphones has made shoulder surfing a popular strategy for identity theft.
- Phishing. This involves using email to trick people into offering up their personal information. Phishing emails may contain attachments bearing malware designed to steal personal data or links to fraudulent websites where people are prompted to enter their information.
How to tell if your identity has been stolen
If people have lost or had their wallet containing bank cards, driver's license and other forms of identification stolen, it is possible their information may end up being used to commit identity theft.
Here are some warning signs that a person may be an identity theft victim:
- Victims notice withdrawals from their bank account that weren't made by them.
- Victims don't receive bills or other important pieces of mail containing sensitive information.
- Victims find false accounts and charges on their credit report.
- Victims are rejected from a health plan because their medical records reflect a condition they don't have.
- Victims receive an IRS notification that another tax return was filed under their name.
- Victims are notified of a data breach at a company that stores their personal information.
Impact of identity theft
In addition to the immediate impact of losing money and running up debt, individual victims of identity theft can incur severe intangible costs, including damage to their reputation and credit report, which can prevent them from getting credit or even finding a job. Depending on the circumstances, identity theft can take years to recover from.
Businesses whose employees have become the target of identity theft also face significant costs linked to damaged reputations and trust. Once a business's reputation has been damaged, it becomes necessary for that business to make up for it by spending on increased security measures to ensure customers that it won't happen again.
Preventing identity theft
To prevent identity theft, experts recommend that individuals regularly check credit reports with major credit bureaus, pay attention to billing cycles and follow up with creditors if bills do not arrive on time.
Additionally, people should:
- destroy unsolicited credit applications;
- watch out for unauthorized transactions on account statements;
- avoid carrying Social Security cards or numbers around;
- avoid giving out personal information in response to unsolicited emails; and
- shred discarded financial documents.
Many state attorney general websites also offer identity theft kits that are designed to educate people on identity theft prevention and recovery. Some of these offerings may also include helpful documents and forms, such as the Identity Theft Affidavit, which is the form used to officially file a claim of identity theft with a given business. This form in particular is most often used when new accounts have been opened using a victim's personal data, not when an already existing account has been illegally accessed.
Identity theft recovery
Depending on the type of information stolen, victims should contact the appropriate organization -- the bank, credit card company, health insurance provider or the IRS -- and inform it of the situation. Victims should request to have their account frozen or closed to prevent further charges, claims or actions taken by imposters.
In the United States, identity theft victims should file a complaint with the Federal Trade Commission (FTC) and inform one of the three major credit bureaus -- Equifax, Experian and TransUnion -- in order to have a fraud alert or security freeze placed on their credit records.
Victims can visit the FTC website, where they can take steps to obtain a recovery plan and put it into action. The plan includes the collection of forms and letters, including the Identity Theft Affidavit, necessary to guide one through the recovery process.
If people's personal information was compromised in a data security breach, they should follow up with the company responsible to see what types of assistance and protections it may have in place for victims and their data.
Identity theft laws and penalties
Identity theft is a crime that is sometimes committed across political boundaries, and governments all respond to identity theft crimes differently. Laws and penalties vary from place to place.
In the United States, two of the laws that largely define the legal proceedings around identity theft are the Identity Theft and Assumption Deterrence Act of 1998 and the Identity Theft Penalty Enhancement Act of 2004.
The Identity Theft and Assumption Deterrence Act of 1998 prohibits "knowingly transferring or using a means of identification with the intent to commit, aid or abet any unlawful activity that constitutes a violation of federal law or that constitutes a felony under any applicable state or local law."
The latter increased sentence lengths by varying degrees for both general and terrorism-related offenses and established penalties for aggravated identity theft, which is defined as the use of another person's identity to commit felonies, including violations surrounding immigration.
Penalties for identity theft are wide-ranging and relatively severe. They vary based on offense. Some penalties for identity theft include the following:
- It's rare that those guilty of identity theft avoid jail time, but in certain first-offense scenarios, thieves may be sentenced to probation if they didn't cause significant harm. Those on probation will still likely be responsible for fines and restitution.
- This is the most common consequence for perpetrators, and they are issued for both felony and misdemeanor charges.
- The thief may be required to compensate the victim for financial losses, which can include lost wages, legal fees and even costs related to emotional distress.
- Perpetrators of identity theft in the United States are often sent to prison, with the minimum sentence being two years for aggravated identity theft. This penalty increases with case severity.
Identity theft insurance
Having identity theft insurance can help identity theft victims expediate the slow and costly recovery process. Identity theft insurance usually only covers recovery costs and does not cover the damages caused directly by the theft. Depending on the policy, expenses that are covered may include the following:
- lost wages
- child care costs
- credit monitoring services
- legal fees
- copies of credit reports
Identity theft insurance is available either as an endorsement to a homeowners or renters insurance policy or as a stand-alone policy. The Insurance Information Institute estimated that this type of insurance usually costs between $25 and $50 a year, regardless of whether it's a stand-alone policy or not.
These insurance policies are also estimated to have between $10,000 and $15,000 in benefit limits, meaning damages that exceed the limit are not fully covered, and the victim must pay the difference.
If victims are seeking an alternative to insurance or additional help on top of insurance, they can take advantage of identity theft protection services, which differ from identity theft insurance policies in that they may provide reimbursement of stolen funds and offer restoration services -- such as assistance in working with creditors -- and credit monitoring services for a fee.
Identity theft, in its broadest definition, has been around as long there have been identities to steal. If there exists any outward, concrete representation of a person's unique identity, there exists the possibility that it can be stolen and exploited. For example, the first known passport dates back to 1414, invented by King Henry V in the U.K. Thousands of years ago, humans distinguished themselves with unique tattoos, skin markings and jewelry or other decorative goods. Any of these rudimentary ways of expressing identity could have been mimicked or stolen to impersonate someone for personal gain. As long as there have been identities to impersonate, there have been imposters.
The evolution of identity theft is spurred on by the combined factors of the technology people use to represent identity, the technology used to account for those representations and the demand for those representations. The history of the term in modern times can be defined by examining major occurrences of the crime and the legislation passed in response to them.
The term identity theft as it's used today in America was first coined in writing in the mid-1960s. This was likely in response to the large influx of illegal immigrants that coincided with the passing of the Immigration and Nationality Act of 1965, which placed heavier restrictions on immigrants entering the United States. Immigrants that did not meet the newly enacted law's requirements commonly resorted to identity theft to attempt to enter the United States, increasing the prominence of the crime and therefore necessitating a term for it.
A similar dynamic was evident in the passing of the Immigration Reform and Control Act (IRCA) of 1986, in which employees were made to fill out an I-9 form to prove their citizenship upon applying for work. An I-9 form is the form used to verify the identity of -- and, therefore, the employment authorization of -- individuals hired for employment in the United States. This again increased the demand for pilfered credentials among immigrants who needed work and had no legal way to get it.
In 2017, major credit bureau Equifax announced a data breach that exposed 147 million people's data. A settlement of $425 million was agreed upon to help the victims affected. It was regarded by some as the most significant instance of identity theft in recent history because of the large-scale damages and the significance of the breached organization.
In 2018, new legislation called the Economic Growth, Regulatory Relief and Consumer Protection Act was enacted. This act amends the Fair Credit Reporting Act (FCRA) to give consumers the right to freeze their credit accounts without being charged. Consumers who suspect they are being exploited for identity theft may want to freeze their accounts to prohibit the thief from causing further damage to their accounts. Under FCRA, before the 2018 amendment, consumers would be charged to freeze their account. The Economic Growth, Regulatory Relief and Consumer Protection Act amended FCRA to grant consumers the right not to be charged when freezing their credit accounts in defense against identity theft.
This law is a response to the growing availability of PII online and the growing significance of data breaches that enable the creation of synthetic identities as a means of identity theft.
Continue Reading About identity theft
- Unrestrained big data collection for AI could increase the likelihood of breaches and stolen identities